Reducing The Cost of Compliance For your business.

Check out the Podcast on this blog!!! 10/3/2024

By: Mark Heather. In this blog, we review some of the major costs involved in staffing cybersecurity for a midsized company, and how using collaborative AI agents can help reduce these costs.

We took an existing company for which we carried out an ISO27001 assessment and compared the cost of our approach with the cost of running the same assessment using traditional methods.

The assessment was for a mid-size company with a turnover of $10,000,000-$15,000,000 and approximately 125 staff. Based on the data extracted from the assessment, here are the key considerations for determining what the client needs to allocate to cybersecurity expenditure in 2024:

Key Priority Areas

  1. Implementation of Policies and Procedures
    • Updating and implementing all the necessary policies such as Information Security Policy, Incident Management Policy, etc.
  2. Personnel and Resources
    • Hiring a Chief Information Security Officer (CISO).
    • Creation of a dedicated and qualified Information Security function.
  3. Third-Party Management
    • Implementing a robust third-party service provider due diligence process.
  4. Compliance and Governance
    • Working towards compliance and potentially certification with recognized frameworks like ISO27001, GDPR, etc.
  5. Risk Mitigation Strategies
    • Enhancing data privacy and security awareness training.
    • Implementing change management and privileged access controls.

Cost Estimates (Based on Industry Standards)

  1. Personnel Costs
    • Chief Information Security Officer (CISO): $150,000 - $250,000 annually.
  2. Policy Implementation
    • Consultancy and Policy Development: $50,000 - $100,000.
    • Compliance and Governance Frameworks: $70,000 - $150,000.
  3. Technology and Tools
    • Security Tools and Software (e.g., encryption, access management, incident response tools): $100,000 - $200,000.
  4. Third-Party Assessments
    • Vendor risk assessments and management tools: $40,000 - $80,000.
  5. Training and Awareness
    • Data Privacy and Security Awareness Training: $20,000 - $50,000.

Suggested Budget Range

Considering the comprehensive scope of improving cybersecurity posture and addressing identified gaps, a suggested budget range for 2024 is:

$500,000 - $1,000,000

This range ensures that critical areas are addressed while allowing room for additional expenditures that may arise from unforeseen cybersecurity needs.

Detailed Recommendations

To maximize the effectiveness of your budget:

  • Prioritize immediate implementation of policies and the hiring of a CISO.
  • Allocate funds for a robust compliance framework to ensure long-term sustainability.
  • Invest in the necessary tools and technologies to protect against current and emerging threats.
  • Ensure continuous training and awareness programs for all personnel.
  • Allocate part of your budget for incident response planning and testing, business continuity management, and regular penetration testing.
  • Consider adopting a Zero Trust security model, which may involve additional investment in tools, training, and restructuring of your network architecture.

These expenditures will significantly enhance your cybersecurity resilience, reduce risks, and ensure compliance with regulatory frameworks. A suggested allocation of the budget across these areas is:

  • Personnel Costs (including CISO and additional cybersecurity staff): $200,000 - $300,000
  • Implementation and Consultancy: $60,000 - $120,000
  • Compliance and Governance: $100,000 - $200,000
  • Technology and Tools: $150,000 - $250,000
  • Third-Party Assessments: $50,000 - $100,000
  • Training and Awareness: $30,000 - $60,000
  • Incident Response, Business Continuity, and Penetration Testing: $50,000 - $100,000

To create a robust cybersecurity program, assess your specific needs, industry requirements, and potential threats. Tailor your budget to ensure comprehensive coverage while allowing for flexibility. Continuous review of your cybersecurity posture and budget allocations is essential to adapt to new challenges and technologies.

Using Collaborative AI Agents to Reduce Costs

While some of the costs identified above cannot be avoided, and we recommend always having “a human in the loop,” a significant reduction can be achieved by using AI agents that collaborate with each other to carry out some of the compliance and governance actions.

ComplianceAide uses the following methodology to assess cybersecurity compliance frameworks.

In the chart above, we show how our agents interact with each other to produce the results of a cybersecurity assessment. Each agent has a specific job, such as being an expert in a framework (e.g., ISO27001, NIST CSF) or in policy creation.

Our AI multimodal platform processes disparate information. The AI Manager breaks down the data and distributes the workload to the appropriate AI agents according to their role. The agents communicate to create the workflow. For example, Compliance Expert 1 aligns the information from uploaded documents with its framework and generates compliance policies. Meanwhile, Compliance Expert 2, using the same data, can create the requirements for its specific framework.

This process takes less than 10 minutes to produce a situation analysis report, detailing your current standing against the chosen standard and identifying any gaps. Traditionally, this process takes three months. A full assessment, typically requiring 9 months to a year, is completed by ComplianceAide in just 48 hours.

Cost Reductions

By having AI agents work collaboratively, we reduce costs. Using the same budget allocation as above, we estimate the following savings per area (areas without a savings line are unchanged):

  • Personnel Costs (including CISO and cybersecurity staff): $200,000 - $300,000
    Savings: $100,000
  • Implementation and Consultancy: $60,000 - $120,000
    Savings: $60,000
  • Compliance and Governance: $100,000 - $200,000
    Savings: $100,000
  • Technology and Tools: $150,000 - $250,000
  • Third-Party Assessments: $50,000 - $100,000
    Savings: $40,000
  • Training and Awareness: $30,000 - $60,000
  • Incident Response, Business Continuity, and Penetration Testing: $50,000 - $100,000

Total Savings: $300,000, along with a significant time saving of months.